cancel
Showing results for 
Search instead for 
Did you mean: 

Why have Plusnet blocked secure DNS?

pv
Grafter
Posts: 84
Thanks: 8
Registered: ‎12-06-2019

Re: Why have Plusnet blocked secure DNS?

I can't replicate this. I just did a package capture to prove I can resolve a query via DoT to 8.8.8.8.

 

image.png

Swipe
Grafter
Posts: 45
Thanks: 6
Fixes: 2
Registered: ‎30-05-2010

Re: Why have Plusnet blocked secure DNS?


@pv wrote:

I can't replicate this. I just did a package capture to prove I can resolve a query via DoT to 8.8.8.8.


 

As I mentioned in one of my earlier posts, this is not consistent across the Plusnet network. DoT still works fine on my mother's ADSL but not on my fibre connection at my house. So it looks like you are one on the unaffected ones and yet to pick up the changes. I'm looking for a pattern here, are you on ADSL or fibre? And when did your router last reboot or reconnect?

pv
Grafter
Posts: 84
Thanks: 8
Registered: ‎12-06-2019

Re: Why have Plusnet blocked secure DNS?


@Swipe wrote:


 I'm looking for a pattern here, are you on ADSL or fibre? And when did your router last reboot or reconnect?


 

I'm on fibre and I restarted the PPP session just prior to the test.

kev51773
Newbie
Posts: 4
Thanks: 5
Registered: ‎18-07-2020

Re: Why have Plusnet blocked secure DNS?

Strangely, I've just got home and seen this so I retested and it's working for me today too.
Swipe
Grafter
Posts: 45
Thanks: 6
Fixes: 2
Registered: ‎30-05-2010

Re: Why have Plusnet blocked secure DNS?

I only use DoT on my android phone. I don't suppose you have an android phone you can test 1dot1dot1dot1.cloudflare-dns.com on do you?

 

 

Swipe
Grafter
Posts: 45
Thanks: 6
Fixes: 2
Registered: ‎30-05-2010

Re: Why have Plusnet blocked secure DNS?


@kev51773 wrote:
Strangely, I've just got home and seen this so I retested and it's working for me today too.

Still not working for me. I'll try reconnecting my session when I log off from work later

Swipe
Grafter
Posts: 45
Thanks: 6
Fixes: 2
Registered: ‎30-05-2010

Re: Why have Plusnet blocked secure DNS?

Just quickly reconnected my router and got a new IP. Still unable to connect using DoT 🙁

pv
Grafter
Posts: 84
Thanks: 8
Registered: ‎12-06-2019

Re: Why have Plusnet blocked secure DNS?


@Swipe wrote:

I only use DoT on my android phone. I don't suppose you have an android phone you can test 1dot1dot1dot1.cloudflare-dns.com on do you?

 

 


 

Yep, it works on that too. I used one.one.one.one.

 

image.png

pv
Grafter
Posts: 84
Thanks: 8
Registered: ‎12-06-2019

Re: Why have Plusnet blocked secure DNS?

Try telnetting to 1.1.1.1 port 853 from a PC/Mac. If you can connect then it may be an issue with the phone.

Swipe
Grafter
Posts: 45
Thanks: 6
Fixes: 2
Registered: ‎30-05-2010

Re: Why have Plusnet blocked secure DNS?

one.one.one.one works for me but not nextdns.io which is the reason I need it so I can block ads on my phone. I'm not fussed about the privacy aspects of DoT, I just want native ad blocking without the need for the NextDNS app.

 

I'm also a bit miffed that I'm paying for a DNS provided service that I can no longer use on my home network.

pv
Grafter
Posts: 84
Thanks: 8
Registered: ‎12-06-2019

Re: Why have Plusnet blocked secure DNS?


@Swipe wrote:

one.one.one.one works for me but not nextdns.io which is the reason I need it so I can block ads on my phone. I'm not fussed about the privacy aspects of DoT, I just want native ad blocking without the need for the NextDNS app.


 

Nextdns appears to work for me too.

 

image.png

Swipe
Grafter
Posts: 45
Thanks: 6
Fixes: 2
Registered: ‎30-05-2010

Re: Why have Plusnet blocked secure DNS?

Not sure what's going on then because it was working fine one day and then not the next but still works at my mother's house using nextdns.

Alex
Community Veteran
Posts: 5,500
Thanks: 921
Fixes: 13
Registered: ‎05-04-2007

Re: Why have Plusnet blocked secure DNS?

I've just tried it on my Mac and my IPhone XS Max (on wireless here). Both work.

I am on a Virgin Media connection, or as I like to call it Branson Media since he has a bit of a monopoly on the cable service in the UK. The Monopolies and Mergers Commission must have had some long lunches down the pub when they allowed Branson to control it all.

If I need to go over to my sisters later today (the PlusNet connection) - I will post back with any results.

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Why have Plusnet blocked secure DNS?

To stamp out any conjecture, there's no proactive intention to block DoT here 🙄

For those unable to resolve using DoT then I'd suggest we start by looking at your IP addresses.

If you can visit here and post the first two octets of your IP address then we might start to notice a trend that we can use as a basis for investigation.

Working here for me on 80.229.x.x

It would also be useful if people experiencing difficulties can post traceroutes to their DNS resolver of choice so we can see what route your traffic is taking, eg:

 

>tracert 1dot1dot1dot1.cloudflare-dns.com

Tracing route to 1dot1dot1dot1.cloudflare-dns.com [1.0.0.1]
over a maximum of 30 hops:

  1     1 ms     1 ms     2 ms  home.gateway [192.168.1.254]
  2    11 ms    11 ms    11 ms  252.core.plus.net [195.166.130.252]
  3    12 ms    13 ms    12 ms  84.93.253.99
  4    11 ms    11 ms    11 ms  core1-BE1.southbank.ukcore.bt.net [195.99.125.130]
  5    13 ms    17 ms    15 ms  peer7-et-4-1-2.telehouse.ukcore.bt.net [194.72.16.136]
  6    21 ms    12 ms    12 ms  109.159.253.95
  7    12 ms    13 ms    12 ms  one.one.one.one [1.0.0.1]

Trace complete.

 

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Swipe
Grafter
Posts: 45
Thanks: 6
Fixes: 2
Registered: ‎30-05-2010

Re: Why have Plusnet blocked secure DNS?

Thanks Bob, it's good to know there's no active intention to block DoT here:

 

My IP is: 209.93.XXX.XXX which is currently blocking NextDns but allowing Cloudflare

 

[swipe@Nuc ~]$ traceroute 45.90.28.14

traceroute to 45.90.28.14 (45.90.28.14), 30 hops max, 60 byte packets

1 _gateway (192.168.1.254) 8.609 ms 8.592 ms 8.650 ms

2 * * *

3 * * *

4 128.hiper04.sheff.dial.plus.net.uk (195.166.143.128) 19.441 ms 132.hiper04.sheff.dial.plus.net.uk (195.166.143.132) 20.511 ms 21.387 ms

5 195.99.125.136 (195.99.125.136) 21.983 ms 195.99.125.140 (195.99.125.140) 21.911 ms 24.231 ms

6 peer8-et-0-0-1.telehouse.ukcore.bt.net (62.172.103.170) 24.110 ms peer8-et-0-1-6.telehouse.ukcore.bt.net (194.72.16.144) 16.016 ms peer8-et-4-0-1.telehouse.ukcore.bt.net (194.72.16.154) 15.845 ms

7 5.226.136.50 (5.226.136.50) 17.487 ms 15.105 ms 16.037 ms

8 ae1.rt1-cr.ldn.as25369.net (5.226.136.39) 17.284 ms 17.114 ms 17.777 ms

9 ae7.31-cs0-cr.ldn.as25369.net (185.38.150.227) 20.706 ms 21.034 ms 24.742 ms

10 fwd-1.crd.lon07.gb.misaka.io (45.11.107.160) 16.133 ms 16.935 ms 15.249 ms

11 * * *

12 * * *

13* * *

 

I will update tomorrow with the IP of my mother's ADSL that is permitting DoT traffic to NextDNS